The present invention relates generally to a biometrically activated device. More specifically, the invention relates to a biometrically activated device capable of authenticating or verifying a user's identity based on a unique internal biometric marker, or combination of unique internal biometric markers, of a user, thereby allowing or denying access to and/or control over an electronic component.
Security devices have been around for ages. From draw-bridges to locks on doors and furniture, people have attempted to secure their well-being and personal belongings from harms way. As technological advances were made, new means of security were created. Door locks require codes to disengage the lock, car doors are equipped with number pads, vehicle ignition keys include microchips encoded to communicate with the vehicle so as to prevent theft. Financial transactions have also become more secure. Currency is more sophisticated in order to thwart copying, credit cards require authentication signatures, bank account access requires account numbers, and personal identification numbers are issued for everything from calling cards to internet access to stock market trading accounts.
As technology continues to advance at a rapid rate, the search for more sophisticated, unbreakable, security measures continues. The key to an effective security system is the identification of the individual or entity attempting to access that which is protected by the security system, be it a home, financial information, or communications. Mechanical keys can be copied, personal identification numbers stolen, and credit cards misused without much trouble. The level of theft is evident from the billions of dollars in fraudulent financial transactions taking place each year, stolen vehicles, and home break-ins. Of particular concern is the relatively new crime wherein a persons ‘identity’ is stolen. In this day and age, a person's identity is closely tied to a bank account number, a phone number, an identification number, a social security number, or other such information which is easily stolen and then used to access the owner's information or property. When such a crime occurs, the victim suffers financial decimation, credit destruction, and countless hours of agony in attempting to ‘rebuild’ their ‘identity’.
One form of fraud involves electronic transaction fraud, such as fraudulent credit and debit card transactions. Typically, a magnetic strip on one surface of such cards carries an electronic form of a series of numbers, which identifies the account to be credited or debited. To execute a financial transaction using such a card, all that is needed is the series of numbers and authentication that the card is being used by the authorized user. Such authorization typically consists of photo identification or verification of a signature if the card is being used in a person to person transaction. Transactions conducted through other media, such as the telephone or over the internet, are often authenticated using some other form of identification, such as the billing address or phone number of the authorized user of the card. Because this information is often readily available to the public, such authentication processes are not very secure.
In the electronic transaction market, efficient identification of people is not only very critical, but very difficult, due to the rapid nature of monetary exchanges. In cases of pure electronic transactions, there is no physical document that acts as a transaction mechanism. In addition to this, most electronic transactions are performed from a location that is remote relative to the funds involved. The identification of the holder of the transaction device, such as a credit card, is the responsibility of the merchant or third party willing to accept an electronic transaction. Accurate identification and authentication of the validity of the transaction device is not always possible and, even when obtained, is not always accurate.
The advent of the internet has added an entirely new dimension to the problems associated with electronic transaction fraud. The internet provides a medium wherein the user of a transaction device and a third party willing to accept an electronic transfer of funds never have any actual contact. This creates further authentication problems for the third party because the transfer device is not physically present, the identification of the user is not visually apparent, and a telephone number cannot be authenticated. As a result of the increased use of e-commerce, and ensuing authentication difficulties therewith, the incidence of electronic transaction fraud has been on the increase. In the immediate future, the opportunity and incidence of fraud will increase correspondingly unless sufficient security measures capable of positively identifying an individual are implemented.
The market has responded to the difficulties of authenticating electronic transfer devices, and positively identifying individuals, by searching for a viable biometric solution to the problems. Biometric technology generally involves the electronic identification of an individual using physiological traits which are unique to that same individual. Fingerprints are an excellent example of a biometric marker used for years to provide the unique identification of individuals. Because a fingerprint is unique to an individual, the identity of that individual may be determined through an analysis of the fingerprint. Thus, the identity of the individual, determined from a fingerprint, may act as a ‘key’ to unlock data or allow access through a door.
In particular, fingerprints have been used to secure some transactions and have been proposed for use in other areas. Many banks require that a finger print or thumb print of a person cashing a check be placed on the check. This allows the bank to later verify or identify anyone passing fraudulent checks. Along a similar line, it has been proposed that Automated Teller Machines (ATM) be equipped with fingerprint pads to provide further security to ATM transactions. An ATM having a fingerprint pad would require the user to validate their ATM card by way of their fingerprint. This could be accomplished by inserting the ATM card into the machine, entering a Personal Identification Number (PIN), and then requiring the user to place their thumb or finger on the pad so that the ATM machine can analyze the fingerprint and confirm the identity of the individual using the card. Such a system would necessarily rely on a database built into the ATM or connected to the ATM, to provide a list of users and corresponding fingerprint information. The fingerprint of the user could be compared to the data in the database to confirm that the ATM card being used did in fact belong to the person associated with the fingerprint placed on the fingerprint pad of the ATM.
Other known biometric markers include palm prints, iris scans, proportional comparison of physical traits, and voice recognition. For the most part, these biometric markers, like the fingerprint, are external physiological traits or characteristics. Information unique to an individual is gathered through various scanning processes which scan a external biometric marker of an individual. A number of United States patents discuss biometric devices which may be used to help identify a person. Examples of external biometric devices include those described in U.S. Pat. Nos. 4,537,484; 4,544,267; 4,699,149; 4,728,186; 4,784,484; 5,073,950; 5,077,803; 5,088,817; 5,103,486; 5,230,025; and 5,335,288 Internal biometric data has also been used to verify that a subject is alive. Such verifications have been accomplished by passively verifying physiological process, such as registering electrical impulses (EKG), or actively verifying physiological norms by introducing and capturing a modified signal, such as introducing light energy to determine blood gas content (pulse oximeter). Examples of such biometric readings are describe in U.S. Pat. Nos. 5,719,950; and 5,737,439. The disclosures of each of the patents listed above are hereby incorporated by reference.
One of the downfalls of using the devices which are currently available in the market for analyzing external biometric markers is the cost of installing the necessary scanning devices to provide the required security. For each different trait to be tested, whether it is a fingerprint, retinal scan, voice print, or the like, a different piece of expensive scanning equipment is necessary. Installation of such equipment into machines such as ATMs is economically impractical because each ATM would require the installation of the expensive scanning device.
Another downfall of the biometric scanning devices currently available is their size. The necessary scanning equipment is bulky, making it impractical to attach the scanning equipment to portable devices such as cell phones, credit cards, personal data assistants, portable computers, and the like.
Further, incompatibility across multiple systems renders the deployment of standard biometric identification on a wide scale very challenging, if not impossible. In addition, large databases storing the vast amount of data necessary to authenticate biometrically activated transactions or authentications result in further costs which have heretofore made biometric identification a poor candidate as a security device for low level or mass produced systems.
The downfalls of the current biometrically activated security systems can be overcome through the use of portable biometrically activated devices which only store the biometric profile of a single individual or a small group of individuals. The use of unique internal biometric markers, rather than external biometric markers, provides advantages which overcome the downfalls of the present biometric scanning devices used for security and the identification of individuals.